It should go without saying that, in every situation where a crime is taking place, it is most desirable to catch the perpetrator. Doing anything else, including merely disrupting their operation, is simply a consolation. With this in mind, I find that best practices are not always laid out properly so that professionals going into this situation know how to meet the desired end. Even though I specialize in online investigations, I come from the old school and believe that those skills are sometimes a lost art in the new world of online investigations. We will always be investigating people, not their tools. If I hear another firm tell me they are “investigating a website” I’ll pull my hair out. You are investigating the crimes being committed by the operator(s) of a website. Just as a homicide investigator would not say he is investigating a bullet, or even a gun, you are not investigating a thing either. Things are tools people use to commit crimes. Although the tools are important, they are mere hurdles between you and the culprit.

This leads me to discuss the concept of investigation strategy on the Web. I’m not going to get into details on how to be anonymous on the Web because there are a lot of great articles on that. What I’m interested in talking about is the philosophy I’ve developed during my twenty-two years of investigating people online and working with hundreds of firms. This leads me to The Crack House Principle. I originally introduced this principle in a presentation to the International AntiCounterfeiting Coalition in 2005. The presentation itself was fairly broad and covered many aspects of the Web and investigations therein. Since then, I’ve incorporated these teachings into my IPCybercrime Boot Camp that toured North America a few years back. I realized the other day that I have never written a post on this topic. Shame on me!

Imagine, if you will, you are assigned to investigate a drug operation in Venice Beach. Drugs are rampant and you received a tip that the primary source for a number of the local dealers is operating out of a house on Mildred Avenue, just a couple blocks from the Venice Canals. You decide to go to the house wearing your office clothes, walk around the backyard and peek into all the windows. After enough peeping, you decide to knock on the door. Surprisingly, someone answers. He is musclebound and covered in tattoos. His name is probably Spider. He opens the door and says nothing. You politely say, “Hey fella. Got any crack?”. The door slams. You return to the office feeling somewhat accomplished. It’s time for someone else to visit and close the deal.

Ernie from your office putts over there in his 1990 Corolla and parks out front. He fixes his hair in the rear view mirror and takes a breath mint. After a couple minutes of repeating affirmations from a CD, he garners the courage to get out and beeline to the door. Ernie walks up the six steps, avoiding a deteriorating mattress and a couple stray cats. He adjusts his bow tie, clears his throat and knocks. No one answers. After a short bit, he knocks again. No one answers. Instead of leaving, Ernie walks around to the backyard and starts peering into windows. After a few peeps, he finally sees a female in a bedroom fiddling with a laptop. Ernie clears his throat again and says, “Excuse me, ma’am?” She jerks her head to him as Ernie continues, “Umm… pardon me, but do you have any crack?” She turns her head back toward the Facebook game she is playing. Ernie tucks his tail between his legs and proceeds back to the office where he reports his findings to you.

Not a person to quickly give up, you decide to wait a few days and then send your secretary Agnes over to Mildred Avenue to do a third round of recon. You now know that this MUST work. Because, well, Mom always said, “If at first you don’t succeed, try, try again.” Why doubt Mom, right? So, Agnes, excited to get out of the office, grabs her purse, slathers on some lipstick, hops into her minivan and jets over to our target location in Venice Beach. When she arrives, she repeats Ernie’s moves. She knocks, peeks around and yells, “Hey y’all! Got any crack?” into a few windows to no avail. Agnes reports back to the office and you put on your thinking cap. You say to yourself, “Our informant told us there was crack being sold there. It’s there. I know it! I guess it’s time to kick it up a notch and call my trusty private investigator.”

Good choice! So you get on the horn and call your trusty P.I. You fill her in on the address and what she should be looking for. The P.I. heads there and is surprised to find a “For Sale” sign out front with no signs of life. She decides to take a look inside since the door is wide open. Even inside, there are no signs of life. Your investigator then calls in her forensic team and scours for evidence. Everything has been cleaned out. Not a trace of drugs or fingerprints. So you celebrate. We stopped ’em! You even pop a cork and pour a few drinks for the staff. Two days later, you get a call that drugs are not only still rampant on Venice Beach, but an informant tells you that there is talk among the criminal underworld that a law firm has been snooping around and, hence, taught the dealers how to avoid them by revealing their methods so openly. These people have done this before. We’re dealing with professionals. Go figure!

You go back to your investigator and tell her the story. She flatly tells you there is nothing she can do at this time and mentions that, if you called her earlier, the dealers could have been caught. There are some things your investigator knows from so many years of training that you could not possibly have known. You hang up and sulk in the fact that the case is blown and it is everybody’s fault but your own. Does this sound realistic? No, not literally. In the physical world, any attorney would know that knocking on doors and peeking into windows randomly asking for crack would result in an empty crack house.

That is why I invented The Crack House Principle to help attorneys understand the concept of online investigations. On the Web, just like the physical world, crooks can see you coming. They can see where you’ve been, where you are poking around on their site and, worse yet, most times they can figure out exactly who you are. It may surprise you that most times when you pass a website investigation to your investigator, this is the exact scenario.

So, hopefully, this has been an interesting article for you to read. Please, no one think the purpose of this is to talk down to you. It is not. The purpose is to help you understand the intricacies of the investigator’s job so that you will know next time it is best to pass the case off as soon as it has been received. I know from my lifetime of doing this that, the sooner collaboration begins, the higher the likelihood the case is solved. And isn’t that what we’re all looking for?


With all of the discussion of hackers, advanced persistent threats (APTs) and email scandals, I thought it was timely for me to discuss my philosophy on data consolidation. Before delving into the concept of data, you must be able to compare it to its physical equivalent. So many people, supposed professionals and hobbyists, pretend that data (or digital assets) are somehow not physical. This is because many folks in our space believe the digital realm to be a fairy-tale kingdom where they can set the rules. It isn’t. The digital world is subject to the same laws and limitations as the physical world. As ether-like as charlatans want you to believe it is, data always physically exists somewhere. What makes it appear omnipresent is its ability to be copied and distributed on a mass level with little effort.

It is for this reason that I am a huge proponent of server consolidation. The most successful method in physical security is to put all of your ‘crown jewels’ in one place so that you may concentrate on its fortitude. Just as in the physical world, it is great to have multiple locations and redundancies for the less valuable data, but the most valuable must be in one spot. Two at most. Mind you, these are the data that make your company’s secret sauce. There is a reason there is a second, locked, kitchen at Crustacean in Beverly Hills. If their data gets out, they’d become like every other seafood joint in town. Some may say that redundancy is important to ensure prevention of data loss. Again, that works for the data that will not ruin your company if stolen. If it will not ruin your company if revealed, it isn’t the same valuable data of which we are speaking. I belong to the world’s oldest fraternity. Yes. I’m a Freemason. For more than three thousand years, the process of transferring data from mouth to ear has worked perfectly. Did you know that the Central Intelligence Agency modeled their communications after that of the Freemasons? Now you do. Since the building of King Solomon’s temple, we’ve not written anything down. I’m not kidding. This is the truth. In fact, I’ve probably told you too much.

The true major-leaguers in the infosec world know that sensitive data is better lost than stolen. I repeat. Better lost than stolen. Don’t forget it.

Who are the Slytherin anyway? And why is Hogwarts teaching them the ancient and forbidden magic arts? My wife is going through the process of re-watching all of the Harry Potter films. She’s read all of the books ahead of the films, watched the films in the theater and now she has decided to see them all again. Perhaps this is in preparation of the grand opening of The Wizarding World of Harry Potter next year at Universal Studios Hollywood. Besides the first one that had Gary Oldman in it, I always encouraged Wifey to take a niece or nephew to see these movies. Mission accomplished. Somehow, though, I have a feeling I’m not going to be able to weasel out of attending the theme park. To quote a great song of the 1970s “The Things We Do for Love”. 10cc had it right. But this new homespun film festival has gotten me thinking.

Why would the world’s foremost school in witchcraft and wizardry accept students prone to evil? It’s not like Harvard, where some of their alumni somehow end up managing hedge funds and bilking the poor. Hogwarts actually has a major in Evil. No kidding! It’s called Slytherin. The folks who major in this topic learn cunning, ambition and — no I’m not kidding — blood purity. Yes, blood purity. Voldemort, the Devil figure of the Harry Potter series, attended Hogwarts years prior and majored in Slytherin. Throughout the entire series, Voldemort is the Grand Dragon of the purists and demands that “muggles” (non-wizards and mixed-breeds) be eliminated. You’d think that, after Voldemort became a problem, the (apparently) prestigious Hogwarts school would phase the Slytherin track out of its curriculum. But no, they do not. They continue to teach the most evil of their applicants the secrets of their power and actually sponsor games where they watch them all battle it out. Did I forget to tell you this is a school for children? Yeesh yiminy! This makes me think that the ‘Lord of the Flies’ version of the New Jersey public schools in which I grew up was child’s play.

Let’s turn this around to non-fiction. I remember reading many years ago after 9/11 that it was revealed that a number of the folks involved had originally met at a martial arts studio in Brooklyn. This includes one of the alleged ringleaders, Mohamed Atta. The hijackers, dubbed in intelligence training the ‘Hamburg Cell’, also attended flight schools here in the United States. After a book was written making these connections, a number of martial arts and flight schools began conducting background checks on their students. Nothing is absolute, but it does make sense to be sure you’ve done your due diligence to make sure your students do not have an apparent propensity for evil already dripping from their pores.

Now let’s elevate this thought to a more modern and hi-tech level. Anyone with a credit card and a couple thousand dollars can attend classes to teach them how to hack innocent individuals. Yes, the classes are presented with the disclaimer that all students must only use their new-found powers for the forces of good. But it is ludicrous to believe that is the case. I’ve attended numerous hacking courses, from online to real-life. There is a general consensus that bad folks need not apply. But this isn’t enforced. Some of the best hackers on the planet I know personally. And (for the most part) they are great folks with impeccable values that want nothing more than to find security flaws in their clients’ infrastructure and report directly to them with a plan to remedy said flaws. I’m not saying this because they can all hack me right now. I really mean it. Seriously. But it still needs to be noted that creeps and felons attend these courses. Currently there is no good/evil benchmark for the hacking community. But perhaps soon there will be. Whether it’s magic, hacking or karate-chopping, it’s nice to know your student.


Anyone who knows me or follows me online knows that I’m a pretty open person. I share almost everything I’m up to. Anyone I know (or any stranger for that matter) can experience with me my lunch, thoughts on a number of odd topics, and even what I’m doing with my dog, Chauncey. In fact, right now you can click any link on the right of this page and learn a plethora of details about my exploits, both past and present. You may say that this is bad for someone in the investigative profession. You are not alone. Overwhelmingly, security professionals of a certain level preach this concept as gospel. I’m here to tell you that, in the 21st century, “security by obscurity” is the most ludicrous method of keeping secrets.

My father was a private investigator, but unlike me. For the most part, I investigate white collar businessmen. He took organized crime head on in the tri-state area of New Jersey, Pennsylvania and New York. When I was an adult, he shared some of those stories with me, including one about a mob enforcer parked in front of our house while we were leaving for school. His account of how he made the man leave is a story for another day. It’s worthy of its own post. My point is that I’ve lived more cautiously my entire life than most.

“If we guard our toothbrushes and diamonds with equal zeal, we will lose fewer toothbrushes and more diamonds.” ~ McGeorge Bundy, US National Security Advisor under John F. Kennedy.

I have always subscribed to this concept, even before I was aware of Bundy’s statement. Before the age of Web 2.0, this was not a major issue for most of us. We now live in a time when anyone with a computer and a credit card can compile a dossier on anyone as thick as a telephone book in a matter of hours. Some say that, in twenty years, there will be no more secrets. If organizations like Wikileaks and Anonymous have their way, it may be the scenario.

Over the years, I have developed what I call ‘The Haystack Principle of Counterintelligence’. This is how it works in four easy points:

1. Decide what your needles are. These are the very few things that you truly don’t want anyone to know.
2. Understand that hiding everything is unrealistic and get comfortable with sharing things that are not true secrets (hay).
3. Build your haystack. Create social media profiles and share details about yourself publicly to your level of comfort. The more you share, the larger the haystack. The larger the haystack, the smaller the needles.


I have recently been asked several times by clients and colleagues about the dark web. When I began writing this article I was still debating whether I should use capitals when addressing the dark web. After a few thoughts, I decided that it does not warrant its own title. The dark web is as much a proper place as a dark alley. Before I discuss my reasoning here, I should give you all a quick synopsis of what the dark web actually is, and it isn’t what you may think. The Internet, as we know it, is a network of millions of servers that connect to one another and, as a result, catalog one another’s contents. This enables search engines like Google and Bing to index the information for free and resell it to their consumers for a profit, financed by advertisers.

The dark web, however, is a network of tens of thousands of servers that connect using a service called TOR. TOR (or The Onion Router) is partially funded by the United States Department of Defense and guided by the Electronic Frontier Foundation. Neither of these organizations has an inkling of how this network will make a profit. Websites that reside in the dark web use a TLD (top level domain) different than most. Here is the secret that the low-level professionals wish not for you to know. The only difference between a regular website and a dark website is the TLD (or top level domain). The Electronic Frontier Foundation created a specifically anonymous TLD at .onion. After explaining this simple issue to you, many of you may have already figured out the next step. But here goes:

The only way for anyone to access a .onion website is to be logged in using the Electronic Frontier Foundation’s TOR browser. Once you know the URL of a dark web website, you can access it by typing it into your browser after already being logged into the TOR network. Look, your teacher here is a Freemason. So I already understand the concept of a secret handshake. It’s even possible that some of you have had a tree house at some point. Everything of secrecy requires a secret handshake. This is literally all the dark web requires. A secret handshake that’s available to anyone.

So there are only two secrets behind accessing the dark web. One is knowing the protocol mentioned above. The second is knowing where to get around. There is obviously no Google or Bing set up in the dark web at this juncture. This is where the ability to develop an undercover identity is valuable. No matter how dark the web, or how scary the neighborhood, you need to get to know the territory. So don’t waste time. Download TOR and start looking for .onion sites.
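Since the post’s point is that the .onion TLD is what sets a dark web site apart, here is an added example (not from the original post) of how a defender can spot .onion destinations in proxy logs and check that a hostname is a well-formed v3 onion address, using Tor’s published layout: base32 of a 32-byte public key, a 2-byte SHA3-256 checksum and the version byte 0x03. The log line format and the addresses are constructed for the example.

```python
import base64
import hashlib
import re
from urllib.parse import urlparse

# v3 onion address layout (Tor rend-spec-v3): base32(PUBKEY | CHECKSUM | VERSION) + ".onion"
CHECKSUM_PREFIX = b".onion checksum"
VERSION = b"\x03"
B32_LABEL = re.compile(r"[a-z2-7]+")


def onion_v3_address(pubkey: bytes) -> str:
    """Build the v3 .onion hostname for a 32-byte ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("v3 onion public key must be 32 bytes")
    checksum = hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + VERSION).digest()[:2]
    return base64.b32encode(pubkey + checksum + VERSION).decode().lower() + ".onion"


def classify_onion_host(host: str) -> str:
    """Return 'clearnet', 'v2' (retired format), 'v3' or 'invalid' for a hostname."""
    host = host.lower().rstrip(".")
    if not host.endswith(".onion"):
        return "clearnet"
    # Onion services may carry subdomain labels; only the label before .onion is the address.
    label = host[:-len(".onion")].rsplit(".", 1)[-1]
    if not B32_LABEL.fullmatch(label):
        return "invalid"
    if len(label) == 16:
        return "v2"  # 80-bit truncated hash, carries no checksum to verify
    if len(label) != 56:
        return "invalid"
    raw = base64.b32decode(label.upper())  # 56 chars decode to exactly 35 bytes, no padding
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != VERSION:
        return "invalid"
    expected = hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + version).digest()[:2]
    return "v3" if checksum == expected else "invalid"


def find_onion_requests(log_lines):
    """Return (host, kind) for every proxy-style log line whose URL host ends in .onion."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue
        host = urlparse(fields[2]).hostname or ""
        kind = classify_onion_host(host)
        if kind != "clearnet":
            hits.append((host, kind))
    return hits


# Constructed sample data: an address derived from an all-zero key (not a real service)
# and proxy-style log lines of the form "<timestamp> <client> <url> <status>".
SAMPLE_V3 = onion_v3_address(bytes(32))
SAMPLE_LOG = [
    "2024-05-01T10:00:00Z 10.0.0.5 https://example.com/ 200",
    f"2024-05-01T10:00:01Z 10.0.0.5 http://{SAMPLE_V3}/ 403",
    "2024-05-01T10:00:02Z 10.0.0.7 http://abcdefghijklmnop.onion/ 403",
    "2024-05-01T10:00:03Z 10.0.0.9 http://notreally.onion/ 403",
]

if __name__ == "__main__":
    for host, kind in find_onion_requests(SAMPLE_LOG):
        print(f"{kind:8} {host}")
```

A checksum failure on a 56-character label is a sign of a mistyped or fabricated address rather than a real service, which is useful when triaging what users attempted to reach.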

When someone goes about buying a car, there is a valuation model to follow. If a car is brand new, the value is set by the manufacturer, which allows for their margin plus a margin for the dealer. Once a vehicle is driven off of the lot the depreciation begins. That is, unless the vehicle’s value appreciates. Take, for example, the greatest car ever constructed, the Shelby Mustang GT500 of the late 1960s and early 1970s. When the 1971 model starred in the film classic Gone in 60 Seconds, it changed the world of movie car chases. The 2000 Nicolas Cage remake of Gone in 60 Seconds used a 1967 model of the same vehicle, and revitalized the world’s fascination with “Eleanor” (the code name given to the sumptuous steel vixen). That particular model was recently sold at auction for over one million dollars. If you’re lucky, you’ll find a fixer-upper for $100,000. That’s a far cry from the original sticker price of $8,000 when it was sold right off of the assembly line.

This same story can be told about domain valuation. There are websites out there giving ‘valuations’ of domain names but, as well-meaning as they may be, they only take into account simple factors such as keyword popularity, selling price of similar names and very little else. Domain valuation is never that simple. When we first receive a request from a client to inquire about the purchase of a domain, we first investigate the owner. This allows us to take into account factors such as their initial intention, other uses, their tech savvy and even their financial bracket. Typically there are two kinds of domain owners out there. The first is the ‘domainer’, who valuates the domain using a cold formula, then awaits a reasonable price and moves on to the next domain. No emotion is tied to the deal. It’s just a number. Then there’s the individual who purchased it with a vision in mind, went to the trouble to register the same name on other social networks and sees the name’s potential in a way that only a parent can with their own child. With the latter person, it doesn’t matter if the project is dead or alive, whether they are in need of funds or not. To them, the name is priceless.

This does not mean there isn’t a number that could greenlight this sale. It just means that the owner of the name values it in such a way that ‘they’ can’t put a price on it. There is always a price. It is our job to begin a negotiation that welcomes a dialogue. This means getting to know the individual and building rapport. It also means we need to come up with a starting price that does not turn them away. If I offered you $500 for Eleanor, you’d likely not return my call and, even more likely, burn me for future contact. Our approach has shaved millions off of domain name selling prices. This doesn’t mean we’ll be able to buy you a domain for a fraction of its potential price. What we guarantee at IPCybercrime is honest, respectful treatment of both sides and the best possible outcome for you, the buyer.


Anybody watch the Season 2 Premiere of this cool show?! Well, if you didn’t this post may be a bit of a spoiler, but not much. For those of you who have not seen the show yet, here is a brief summary: Orphan Black is a Canadian science fiction television series starring Tatiana Maslany as several identical women who are revealed to be clones. The series focuses on Sarah Manning, a woman who assumes the identity of her clone, Elizabeth (Beth) Childs, after witnessing Beth’s suicide. The series raises issues about the moral and ethical implications of human cloning and its effect on issues of personal identity.

From an entertainment perspective my respect goes out to the lead actress, Tatiana Maslany, who plays multiple roles including a street-smart grifter (Sarah), a manic suburban mom (Alison), a pot-smoking lesbian scientist (Cosima) and a feral Russian assassin (Helena) among others. For those of you who have not seen the show (yet), the main character is Sarah, who is partnered with Alison and Cosima, pooling their collective resources to figure out who made them and who is trying to kill them off. Maslany’s award-worthy performances are often done playing opposite herself, whether in shootouts or comedic banter. But the reason I’m writing about Orphan Black on Knockoff Report is the cloning issue. On the surface, cloning can be an interesting topic in the IP debate.

The thing that made me think hard about this wasn’t the epically cool first season. It was this week’s Season 2 premiere that really brought out the IP geek in me. The scientist, Cosima, is investigating the codes embedded in their DNA and cracks it. Turns out, embedded in her DNA, and that of the rest of her clone sisters, is a patent notice. Her quote, “We’re property. They patented us.” was the topic of this episode, which was entitled “Personal Property”. As interesting as this seems, this is still not why Rob Holmes, an anticounterfeiting expert and enthusiast, was drawn to write about this. Here is the reason: I admit I do not know the outcome of the entire series and this is where speculation comes in. But, assuming one of the individuals is an original… are the patent owners actually counterfeiters? I say yes. If I owned the patent for a duplication device, it would not give me rights over the items I copy. Only rights over the duplication process. A patent is a grant of ownership over a specific process. Patents do not protect images, words or content. This show is very good and I hope it goes on for many seasons. If this is the case, we will not know some of those answers for years to come. This means my actual argument may not even be valid until perhaps more seasons pass. Is there an original? Was the original created, or born? But, as an IP geek, this is fun stuff and will keep us thinking for many years to come.


It’s an ironic thing that I’m located in the same town but, yes, I watch the TNT drama “Dallas” based on the 1980s phenomenon of the same name. In my defense, it’s located in my current city… but the soap opera aspects of the show are still quite appealing. Oil men, big business, politics, hot chicks… no problem putting in my time.

As y’all know, the main character, J.R. Ewing’s son John Ross Ewing, is caught between two (or more) women. One of the women, Elena Ramos (Jordana Brewster), is loyal to the Ewing family. Her brother Drew, on the other hand, is still trying to find his place in the world and to prove his worth to his sister. In addition to trying to prove his worth to his sister on the Ewings’ Southfork Ranch, he takes a job running goods across the Texas/Mexico border for Ewing rival Harris Ryland (Mitch Pileggi). A casualty of the rivalry, poor Drew gets caught transporting a truckload of counterfeit designer goods across the US/Mexican border.

Don’t blame the Ewings for this mess. Ryland was the mastermind of the counterfeiting operation from the beginning. But poor Drew is stuck in the middle. After the counterfeit goods incident, Ryland uses misguided Drew to pull off another operation against his own better judgment. But, sadly, there were casualties. If you’re up to date on the show, you may know that Drew comes out from hiding this week.

No matter your angle on the show itself (I, personally, side with John Ross), the counterfeit goods arrest will certainly bite Drew, but not as badly as the demolitions operation that killed Christopher’s twins. If you’re not watching the show, IP interest aside, you’re missing out on some good old fashioned soap opera fun. Tune in baby!


Welcome to ‘Fakes in Film’, the first in a new series of articles on counterfeit goods and trademark infringement as featured in movies and television. More and more, this topic is being included in pop culture and we want to be there to show it to you. Some references will be old/retro and some will be completely new. So here goes…

One of my favorite crime films of the last decade is Ridley Scott’s epic “American Gangster” starring Denzel Washington and Russell Crowe. The film chronicles the rise and fall of real-life drug kingpin Frank Lucas (Washington) who is pursued by the flawed hero Richie Roberts (Crowe).

As a businessman I quickly connected with Lucas’ recognition of eliminating the middleman to connect directly with the supplier. He immediately doubled his profits after this step and gained respect from his peers by how he eliminated said middleman. As a crime-fighter I related to Roberts’ pure motives and focus on the prize. He wanted to stop Lucas’ criminal activities at all cost. He did.

What does this film have to do with trademark infringement? Of all films in recent years, this one sticks out with me the most. Frank Lucas (Washington) is enjoying the spoils of the success of his uncut heroin on the streets of 1970s New York City. What many may not recall is that he created a brand for this drug called “Blue Magic”. When a competitor began using his trademark to distribute substandard drugs, he quickly met with this individual and explained the situation to him as follows:

“Blue Magic is a brand name; as much a brand name as Pepsi. I own it. I stand behind it. I guarantee it and people know that even if they don’t know me any more than they know the chairman of General Foods. What you’re doing, as far as I’m concerned, when you chop my dope down to five percent, is trademark infringement.”

This illustrates to me, more than the usual venues, how brand recognition is so important that it transcends even legal commerce. Brands rule, baby. They rule completely. Even though many of us spend our time trying to stop criminals from infringing on our clients’ trademarks, they too care about their own brands. Irony? Yes. Another way to track them? Yes also.

Tom Seaver was voted into the Baseball Hall of Fame in 1992 with a 98.8% vote on the first ballot. Even 21 years afterward, this is the highest consensus of all time. I know you’re asking, “Why does Rob Holmes, a private eye, care about a pitcher from the 70s in regard to being a private eye?” He was voted by his critics to be more qualified than anyone that came before, or after him, to be in the Hall of Fame. Back in the 1970s, when he was at his peak performance, a reporter asked him when he decided to change pitches. His response was, “I throw the same pitch until it doesn’t work no more.” This is the best business advice I have ever received. Still, after many years in business:

1. I develop an arsenal of weapons.
2. I decide which one is the best, then prioritize.
3. I strike the first bastard out.
4. I keep throwing the same pitch until it doesn’t work no more.
5. I throw another great pitch until it doesn’t work no more either.
6. Repeat until the opponent is defeated.

In investigations, or even business, this is always the case. I’ve read books written by great businessmen like Trump, Welch, Collins and the like. But the only thing that resonates with me is the “Seaver Method” that says sticking with what works is always the best thing to do. No matter what the theory is… what works is all you know. Keep at it until it don’t work no more. Then move on to the next idea. And so forth.